add legacy access check for controllers

This commit is contained in:
Uwe Steinmann 2024-04-29 13:05:59 +02:00
parent 0d0fc4e50a
commit 44621c0bb6
2 changed files with 33 additions and 1 deletions


@ -9,6 +9,7 @@
- checkout info does not depend on whether the logged in user was substituted - checkout info does not depend on whether the logged in user was substituted
- add new endpoints for managing roles by rest api - add new endpoints for managing roles by rest api
- add transmittals in menu - add transmittals in menu
- add legacy access check for controllers
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------
Changes in version 6.0.26 Changes in version 6.0.26


@ -48,7 +48,7 @@ class SeedDMS_AccessOperation {
private $_aro; private $_aro;
/** /**
* @var array $legacy_access list of objects with access * @var array $legacy_access list of objects with access use for view and controller
* @access protected * @access protected
*/ */
private $legacy_access; private $legacy_access;
@ -65,6 +65,8 @@ class SeedDMS_AccessOperation {
'Search', 'Search',
'ViewDocument', 'ViewDocument',
'ViewFolder', 'ViewFolder',
'ViewOnline',
'Download',
); );
$this->legacy_access['user'] = array( $this->legacy_access['user'] = array(
'AddDocument', 'AddDocument',
@ -559,6 +561,32 @@ class SeedDMS_AccessOperation {
return false; return false;
} /* }}} */ } /* }}} */
protected function check_controller_legacy_access($controller, $get=array()) { /* {{{ */
if($this->user->isAdmin())
return true;
if(is_string($controller)) {
$scripts = array($controller);
} elseif(is_array($controller)) {
$scripts = $controller;
} elseif(is_subclass_of($controller, 'SeedDMS_Controller_Common')) {
$scripts = array($controller->getParam('class'));
} else {
return false;
}
if($this->user->isGuest()) {
$user_allowed = $this->legacy_access['guest'];
} else {
$user_allowed = $this->legacy_access['user'];
}
if(array_intersect($scripts, $user_allowed))
return true;
return false;
} /* }}} */
/** /**
* Check for access permission on view * Check for access permission on view
* *
@ -618,6 +646,8 @@ class SeedDMS_AccessOperation {
*/ */
function check_controller_access($controller, $get=array()) { /* {{{ */ function check_controller_access($controller, $get=array()) { /* {{{ */
if(!$this->settings->_advancedAcl) { if(!$this->settings->_advancedAcl) {
return $this->check_controller_legacy_access($controller, $get);
/*
if($this->user->isGuest()) if($this->user->isGuest())
return false; return false;
elseif($this->user->isAdmin()) elseif($this->user->isAdmin())
@ -627,6 +657,7 @@ class SeedDMS_AccessOperation {
return false; return false;
return true; return true;
} }
*/
} }
if(is_string($controller)) { if(is_string($controller)) {
$scripts = array($controller); $scripts = array($controller);
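Review bot: `check_controller_legacy_access` (the `@ -559` hunk) returns true as soon as `array_intersect($scripts, $user_allowed)` is non-empty, so in the `is_array($controller)` branch a caller passing several controller names is granted access when any one of them is allowed; if callers expect all of them to be allowed this silently over-grants, and the intended semantics should be stated. The `$get` parameter is accepted but never read, and `is_subclass_of` rejects a plain `SeedDMS_Controller_Common` instance, so the method deserves a docblock like its neighbours, e.g. `/** Legacy (non-advanced ACL) controller access check: admins always pass, guests are matched against legacy_access['guest'], other users against legacy_access['user']; $get is currently ignored. */`. Note also that `check_controller_access` no longer returns false for guests in legacy mode (that branch is now commented out) while the same commit adds 'ViewOnline' and 'Download' to the guest list, which the updated docblock says is shared with view checks; confirm the wider guest reach is intended, and consider deleting the commented-out block instead of keeping it.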